Retraceur 3.2.0 : une mise à jour de sécurité

Publié le

dans

.
Une sauveteuse préparant son poste de garde

Today I released Retraceur 3.2.0.

This release does not introduce any new features. It is a maintenance release focused exclusively on addressing security vulnerabilities in the core software.

These vulnerabilities were recently fixed in WordPress® (yesterday on July 17, 2026. Many thanks to its contributors). Since Retraceur is a fork of that project, the affected code was also present here. I therefore backported the corresponding patches to the 3.0 branch and prepared this security release.

Security Fixes

This version includes the following fixes:

  • backport of the fix for a SQL injection vulnerability;
  • backport of the fix for a REST API batch-route confusion issue that could lead to SQL injection and, in certain circumstances, remote code execution.

Although Retraceur is gradually diverging from WordPress® to follow its own direction, it still shares a significant portion of its codebase. This also means keeping track of upstream security fixes so that Retraceur users benefit from the same level of protection.

If you are running Retraceur 3.0 or 3.1, I strongly recommend upgrading to version 3.2.0 as soon as possible.

Security is never something that can be taken for granted. It requires continuous maintenance, and this release is simply part of that ongoing responsibility.

Featured image credits Nikolay Loubet on Unsplash

Updating

You can update to Retraceur 3.2.0 through the built-in update mechanism or by replacing the core files with those from this release.

As always, it is recommended to back up your database and the wp-content directory before updating.

Note: The WordPress® trademark is the intellectual property of the WordPress Foundation. The use of the WordPress® name in this article is for identification purposes only and does not imply endorsement by the WordPress Foundation.